How To Mitigate Login Attacks

Brute force and dictionary attacks rely on repeated attempts to guess passwords. One of the most effective mitigations is to enforce a delay between login attempts, which slows these scripts down just enough to render them useless. The problem with 'account lockout' as an alternative is that it is open to abuse and may also create administrative overhead. This short article uses a simplified example to illustrate the principle.

1. The first step is to create a simple POJO that represents a failed login. We give it the ability to count failed attempts and a time to live.
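The object step 1 describes, shown here as an added example that is not the article's own code. The class and member names, the 15-minute time to live, and the doubling delay with a 30-second cap are assumptions chosen for illustration; the delay calculation goes slightly beyond step 1 to show how the counter feeds the enforced wait.

```java
import java.time.Duration;
import java.time.Instant;

// Added example: hypothetical names and constants, not taken from the article.
public class FailedLogin {
    private static final Duration TIME_TO_LIVE = Duration.ofMinutes(15); // assumed TTL
    private static final Duration BASE_DELAY = Duration.ofSeconds(1);    // assumed first delay
    private static final Duration MAX_DELAY = Duration.ofSeconds(30);    // assumed cap

    private final String username;
    private int attempts;
    private Instant lastFailure;

    public FailedLogin(String username, Instant now) {
        this.username = username;
        this.attempts = 1;
        this.lastFailure = now;
    }

    public String getUsername() { return username; }

    public synchronized int getAttempts() { return attempts; }

    // The record is stale once TIME_TO_LIVE has passed since the last failure.
    public synchronized boolean isExpired(Instant now) {
        return now.isAfter(lastFailure.plus(TIME_TO_LIVE));
    }

    // Count another failure; a stale record starts counting from scratch.
    public synchronized void recordFailure(Instant now) {
        attempts = isExpired(now) ? 1 : attempts + 1;
        lastFailure = now;
    }

    // Delay doubles per failure (1s, 2s, 4s, ...) and is capped, so the
    // account is slowed down but never locked out.
    public synchronized Duration requiredDelay(Instant now) {
        if (isExpired(now)) return Duration.ZERO;
        Duration delay = BASE_DELAY.multipliedBy(1L << Math.min(attempts - 1, 5));
        return delay.compareTo(MAX_DELAY) > 0 ? MAX_DELAY : delay;
    }

    // True if the next attempt may be processed at time 'now'.
    public synchronized boolean mayAttempt(Instant now) {
        return !now.isBefore(lastFailure.plus(requiredDelay(now)));
    }
}
```

Passing the current time in as a parameter keeps the class testable without sleeping; a login handler would look the record up by username, call `mayAttempt(Instant.now())` before checking the password, and discard the record on success or expiry.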